Legal Cloud Security – Not All Clouds Are Created Equal
Legal Data Security and Cloud Security in the Legal Profession Is Now Indispensable
Nearly 60 percent of 2019 TECHREPORT legal technology respondents surveyed by the American Bar Association acknowledged that they use the cloud for work. This is a sharp rise from the 38% who replied in the affirmative for the 2016 version of the survey. Simultaneously, cloud security concerns have risen among legal practitioners. As lawyers deal with highly sensitive and confidential documents, they are attractive targets for hackers and cybercriminals.
When it comes to the cloud, assuming and hoping you’re secure is not the same as knowing with certainty. The IT resource managing your security does not necessarily have the requisite skills to combat constantly-evolving cyber threats. Asking the tough questions and applying the appropriate resources is essential in safeguarding your firm.
Moving to the Cloud
Moving to the cloud is a good business decision, but it can also be a scary one. As noted by Joe Panettieri of MSSP, ransomware attacks continue to impact legal software platforms.
In order to keep your clients’ data safe while still enjoying the benefits of cloud computing, there are certain protections that you would be wise to implement. While having a budget for your business is important, server security is not the area where you want to cut corners.
Latest Data and Cloud Security Developments in the Legal Industry
On a panel at October’s Mass Torts Made Perfect conference, Eric Sanchez, the founder of GrowPath, spoke about recent cybersecurity breaches in the legal industry. It’s everyone’s worst nightmare to lose their data. That’s why your cloud storage must be a safe haven that is also configured well and constantly monitored. According to Sanchez, it’s essential to train staff in best practices in order to prevent a breach. Because staff will never be perfect no matter how much training they’re provided, additional protections must be utilized.
For legal case management providers that rely on platforms such as Salesforce, protection is not as comprehensive as clients would prefer to believe. Someone will inevitably click on something wrong; what then? Only GrowPath has a unique patented method for two-factor authentication. This helps to ensure that you’re not relying solely on staff discretion.
Spheres of Protection
As for backups, the best approach is to have multiple backups that are secure, encrypted, and tested. Ideally, you have a combination of both online and offline backups. Data can also be downloaded and exported as a physical backup to an on-premises server. Tempting as it might be from a cost and control perspective, you don’t want to turn to an on-premises or hosted server as your primary solution. Why? Consider who is monitoring the system. A spartan IT staff simply can’t keep up with the speed of black hat hackers. After all, it takes a whole team to keep your system safe but just one bad actor to sabotage your system.
Sanchez also made the point that there are spheres of protection that need to be utilized beyond traditional software, updates, and firewalls. For example, a physical security key such as a U2F key can be useful. (This key is a dongle with embedded code that is plugged into company computers to facilitate safe logins.) However, cybersecurity needs to be a top-down effort and not just left to the IT staff: employees will mimic and adopt the security approach of managing partners and other executives. If it’s an afterthought for you, it’s an afterthought for them. In this regard, it’s a matter of psychology instead of technology. The person in the chair may even be specially targeted by hackers as a direct link to the firm’s servers, critical data, and applications.
It’s important to remember that IT staff don’t have CLE requirements that keep them on pace with near-daily innovations. The benefits of cloud-based platforms, in contrast, include Artificial Intelligence (AI) and machine learning. These technologies mean your server stays updated and far outperforms the protections of in-house servers. Still, you must from time to time audit any online cloud solution. The goal is to ensure that your server providers are keeping up with promises made and best industry practices.
Finally, keep in mind that an off-premises server is not necessarily the same thing as a cloud server. You’ll want to verify what your provider is actually offering. Sometimes, the server with your data is maintained by a third party off-premises but still hosted outside the cloud. In this case, it’s not much different or safer than if you maintain the server yourself on-premises.
As we’ve seen, having an outside company host your server outside the cloud can still be a risky proposition. Instead of investing in costly hardware for on-premises or hosted off-premises solutions, this outside company maintains a remote data center. This remote data center is no different than an in-house one. In contrast, there are cloud environments that companies are turning to from providers like Amazon Web Services, Google Cloud, and Microsoft Azure. These environments offer an added umbrella of protection. This protection is combined with flexible cloud infrastructure and modernized computing, networking, and storage resources for the consumer.
Ransomware’s Impact on the Legal Industry
Ransomware is a form of malware where a perpetrator hacks into your system and holds your data hostage. The hacker then demands payment in the form of electronic currency such as bitcoin. Obviously, this can lead to severe interruptions and ongoing data privacy concerns. Unfortunately, antivirus software by itself is not enough to protect you from a devastating ransomware attack. Are you employing specialized and cutting-edge protection against ransomware on top of your general antivirus software?
According to Laura Calloway, Director of Service Programs for the Alabama State Bar, a ransomware infection is often precipitated by a successful spear phishing attempt. Spear phishing improves on broader phishing attempts by seeking out information about the target in order to make the email message seem more likely to really be from someone he or she knows, increasing the chances that the recipient will hurriedly and unthinkingly click the link or open the attachment. Once that happens, ransomware can infiltrate and encrypt all of the data on the hard drive. To make matters worse, most ransomware programs are now capable of encrypting not just the computer they are installed on but also data on networked drives, including backup drives.
Planning for the Worst
Ransomware is more than an inconvenience. Indeed, it could shut down your entire business indefinitely. Ask yourself: Do you have documented procedures for your staff to follow in the event of a ransomware crisis? Do you have a means of communicating effectively with staff if email functionality has been compromised?
Consider how you will notify clients and partners of the situation. Will you do so even if not legally required in your jurisdiction? If you choose to pay the ransom, do you know where and how you can acquire the necessary cryptocurrency? Do you have insurance for costs and liabilities arising from a cyber attack?
Preventing an Attack
If your organization is hit by ransomware, visit https://www.nomoreransom.org/ and see if there is a known solution for your ransomware variant. Of course, an ounce of prevention is worth a pound of cure. In order to provide you with the best methods for trying to head off a ransomware attack or other cybersecurity event, GrowPath has teamed with Jon Sternstein, Founder and Principal of Stern Security. Stern Security is a premier cybersecurity company headquartered in Raleigh, NC. Ask your IT team how many of these you’re currently utilizing:
Top 10 Solutions and Techniques for Preventing a Cyber Attack
1. Have a Data Security Strategy
2. Use Endpoint Protection
Ensure your organization is using an up-to-date endpoint protection product such as anti-virus, anti-malware, or application whitelisting.
3. Maintain Your Patching
Apply all security patches to all systems as patches are released to fortify cloud security.
4. Back Up Your Data
Ensure that your organization has offline backups of all essential information. Remember! The backups must be tested regularly to ensure they work properly.
5. Remove Unnecessary Software
By removing unused software, your organization is limiting the attack surface of the devices.
6. Employ Email Filtering
Ransomware can be delivered via malicious email attachments, links, or phishing emails. Make certain that your email system blocks suspicious emails and malicious attachments.
7. Enact Network Share Access Controls
Limit access on network shares to the minimum needed for each employee to perform their job duties. If everyone has access to everything, one infected machine can quickly compromise an entire network and all files on the network shares.
8. Utilize Web Filtering
Block access to undesirable websites. Blocked websites can be filtered by URL or by elements within the URL.
9. Proactively Train Your Employees
Educate employees on the threat of ransomware so they can protect their systems and notify fellow staff members in case of suspicious activity.
10. Conduct Security Testing
Have penetration testing and risk analyses performed on your cloud and on-premises environments to find vulnerabilities before they are exploited.
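As an added illustration of item 7 (not part of the original post, and not GrowPath or Stern Security code), the following script audits a share-permission export to show which shares a single compromised account could overwrite, before and after catch-all write grants are removed. The CSV column names, share names, groups, and accounts are all constructed assumptions.

```python
import csv
import io

# Constructed sample: share permissions as a CSV export (column names assumed).
SAMPLE_ACL = """share,account,type,right
Clients,Everyone,Allow,Full
Billing,Accounting,Allow,Change
Billing,Domain Users,Allow,Read
HR,HR,Allow,Full
Backups,Domain Users,Allow,Change
Backups,Contractors,Deny,Full
Backups,BackupSvc,Allow,Full
"""
# Constructed group membership; all account names are hypothetical.
GROUPS = {"Accounting": {"bob"}, "HR": {"carol"},
          "Contractors": {"dave"}, "BackupSvc": {"svc_backup"}}
BROAD = {"Everyone", "Authenticated Users", "Domain Users"}  # catch-all principals
WRITE = {"Change", "Full"}  # rights that allow files to be overwritten


def load_acl(text):
    return list(csv.DictReader(io.StringIO(text)))


def is_broad_write(row):
    return (row["type"] == "Allow" and row["account"] in BROAD
            and row["right"] in WRITE)


def writable_shares(user, acl):
    """Shares one compromised account could overwrite; Deny overrides Allow."""
    mine = {user} | BROAD | {g for g, m in GROUPS.items() if user in m}
    allowed, denied = set(), set()
    for row in acl:
        if row["account"] in mine and row["right"] in WRITE:
            (allowed if row["type"] == "Allow" else denied).add(row["share"])
    return allowed - denied


def broad_write_grants(acl):
    """(share, principal) pairs where a catch-all principal can write."""
    return sorted((r["share"], r["account"]) for r in acl if is_broad_write(r))


def without_broad_writes(acl):
    """Same ACL with catch-all write grants removed (least privilege)."""
    return [r for r in acl if not is_broad_write(r)]


if __name__ == "__main__":
    acl = load_acl(SAMPLE_ACL)
    print("broad write grants:", broad_write_grants(acl))
    for user in ("alice", "bob", "dave", "svc_backup"):
        print(user, sorted(writable_shares(user, acl)), "->",
              sorted(writable_shares(user, without_broad_writes(acl))))
```

In practice each removed catch-all grant is replaced by a grant to the specific group that needs the share, and file-system permissions are reviewed alongside share permissions.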
Jon Sternstein assisted as co-author of this blog post and is the author of the Cisco Press course titled Security Penetration Testing (The Art of Hacking) LiveLessons. As a Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker, Jon has been a featured expert on ABC News, WRAL News, and Business North Carolina Magazine.